CLIENT 
102 



CLIENT 
103 



"""'""VnetworkY 



SERVER 
110 



DISTRIBUTED 
COMPUTING SYSTEM 
100 



DATABASE 120 



NORMAL USERS 
130 



n 



SENSITIVE USERS 
132 



TABLE 
121 



SENSITIVE 






TABLE 


TABLE 






WITH 


123 






SENSITIVE 






COLUMN 







TABLE 
122 



m 



NORMAL DATABASE 
ADMINISTRATORS 
134 



SECURITY 
OFFICER 
136 



FIG. 1 



f 



START 
200 



P 
42 
SI 



m 



ns 

m 





r 


GENERATE ENCRYPTION KEY 
RANDOMLY 
202 




f 


ENCRYPT DATA ITEM WITH 
ENCRYPTION KEY 
204 




f 


ENCRYPT ENCRYPTION KEY 
WITH SPECIAL KEY 
206 




f 


STORE ENCRYPTED KEY AS 
TABLE ATTRIBUTE 
208 


1 


r 




RECEIVE COMMAND TO 
PERFORM ADMINISTRATIVE 
FUNCTION ON OBJECT IN 
DATABASE SYSTEM 
302 



END \ 



FIG. 2 




DISALLOW ADMINISTRATIVE 
FUNCTION ON OBJECT OR 
USER 308 



ALLOW 
ADMINISTRATIVE 
FUNCTION TO BE 
PERFORMED 
310 



/ END \ 



FIG. 3 




RECEIVE REQUEST TO PERFORM OPERATION ON 
DATA ITEM 
402 





FIG. 4 



